Unix Administration 3
 


http://www.cju.com/classes/2002/ITI481-03/

    Unix Administration 3 Presentation Transcript

    • ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies
    • Today’s Agenda
      • Account Management
      • File and directory permissions and management
    • Unix System Accounts
      • Access to system resources is controlled through user and group assignments.
      • Two types of user accounts:
        • “Root” user – the system administrator; the “superuser” who has permission to execute every command and read every file on the system. “Root” has total control of everything on the system.
        • Normal user – any user that is not the root user.
      • As you’ve experienced thus far, almost all UNIX administration is done as the root user.
    • Becoming the Root User
      • There are two ways that you can log in as the root user:
        • Sitting at the system console, you can simply log in as root.
        • If you are logged in as another user, you can use the “su” command at the command prompt to change to the root user (you will be prompted for the root password). You then have full root rights until you exit your shell.
        • Root login is restricted via remote access (telnet or ssh) – you must first log in as a non-root user and then use “su”.
    • UNIX System Components Related to Account Creation
      • /etc/passwd – The system user file, contains information about users on the system.
      • /etc/shadow – The file that actually contains the passwords
      • /etc/group – The system group file, defines user groups on the system.
      • User Home Directories ( /home/username )
      • Initialization shell scripts ( .login, .bash_profile, .cshrc, etc. )
    • Passwords on UNIX Systems
      • Should always be encrypted when stored – all modern UNIX systems use password encryption.
        • Crypt encryption – up to 8 characters
        • MD5 encryption – up to 256 characters
      • Should be a combination of random letters, numbers, and special characters.
      • Used to be stored in /etc/passwd, but now stored in /etc/shadow
      • Passwords are set using the “passwd” command. Only the root user can change passwords for other users.
        • passwd – changes your own password
        • passwd username – changes another user’s password
    • The /etc/passwd File
      • Stores a user’s username, unique user ID number, default group ID number, Full name, home directory and login shell.
        • Each user on the system has a unique UID, assigned by the system.
        • The root user has the UID of 0 (zero) – THIS is what characterizes the root user, not the username “root”
      • /etc/passwd file format (one entry per line, fields separated by colons): username:x:user ID (UID):default group (GID):name (GECOS):home directory:login shell
      • Sample entry (with shadow file): kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
      • Typical file permissions: -rw-r--r-- 1 root root 865 Mar 28 10:44 /etc/passwd
    • The /etc/shadow File
      • Stores encrypted user passwords.
      • /etc/shadow File Format: login name:encrypted password: other options for password expiration and changing (non-standard)
      • Sample entry (One Entry Per Line, fields separated by colons): kkaplan:$1$iwdVDnei&aBcxvpyYi06:10987:0:99999:
      • Typical permissions (IMPORTANT!): -r-------- 1 root root 752 Jan 31 11:45 /etc/shadow
    • The /etc/group File
      • Contains information about system groups and the users that are members of each group.
      • Contains the fields: group name, unique group ID number and a list of the group's members.
      • Entry format: group name:x:GID:comma-separated list of group members
      • Sample entry: staff:x:103:kkaplan,jsmith,jdoe
        • (a group called staff with the members kkaplan, jsmith and jdoe)
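
The three file formats above can be checked with a few read-only queries. This script is an added example, not part of the original slides: it lists every UID 0 account, flags passwd entries whose password field is not the x placeholder, tests for owner-only permissions, and resolves a group's members from both the group file's list and users' default GIDs. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks on passwd/group-format files (paths are arguments).

# Every account with UID 0 (field 3) is a superuser, whatever its username.
uid0_accounts() { awk -F: '$3 ~ /^0+$/ { print $1 }' "$1"; }

# Accounts whose passwd password field is not the "x" shadow placeholder.
unshadowed_accounts() { awk -F: 'NF >= 7 && $2 != "x" { print $1 }' "$1"; }

# True when FILE grants nothing to group or other (the -r-------- layout).
owner_only() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Effective members of GROUP: names listed in the group file plus users
# whose default GID in the passwd file is that group's GID.
# usage: group_members GROUP PASSWD_FILE GROUP_FILE
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$3")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$3"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Constructed sample files (not real accounts), written to a scratch directory.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
kkaplan:x:500:500:Kellee Kaplan:/home/kkaplan:/bin/bash
jsmith:x:501:103:J Smith:/home/jsmith:/bin/bash
toor:x:0:0:second superuser:/root:/bin/sh
legacy:HASH-PLACEHOLDER:502:502:Legacy:/home/legacy:/bin/sh
EOF
    printf 'staff:x:103:kkaplan,jdoe\n' > "$1/group"
    printf 'kkaplan:HASH-PLACEHOLDER:10987:0:99999:\n' > "$1/shadow"
    chmod 644 "$1/passwd" "$1/group"; chmod 400 "$1/shadow"
}

d=$(mktemp -d) && write_samples "$d"
echo "UID 0 accounts: $(uid0_accounts "$d/passwd" | tr '\n' ' ')"
echo "Not shadowed:   $(unshadowed_accounts "$d/passwd" | tr '\n' ' ')"
echo "staff members:  $(group_members staff "$d/passwd" "$d/group" | tr '\n' ' ')"
owner_only "$d/shadow" && echo "shadow: owner-only"
owner_only "$d/passwd" || echo "passwd: readable by group/other (expected)"
```

In the sample data jsmith is not named on the staff line but is still reported as a member, because 103 is the default GID in that user's passwd entry.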
    • Account Management Tools
      • With the exception of /etc/group, all account management files are managed through simple command-line tools.
      • Command line
        • Users: useradd, userdel, usermod
        • Groups: groupadd, groupdel, groupmod
        • Specific fields: passwd, chsh
      • Graphical
        • LinuxConf (Linux only)
        • Control-panel
        • Lots of other graphical UNIX utilities.
    • Managing Users
      • The useradd utility is used to create system user accounts.
      • You can simply add a user with:
        • useradd johndoe
        • (Creates the user johndoe on the system)
      • useradd has a number of simple options that allow you to specify user attributes during account creation.
    • useradd Syntax and options
      • useradd options include:
      • -u UID
      • -g default group
      • -d home directory
      • -s default shell path
      • -c “Comment or Full name”
      • -m (make the user's home directory)
      • useradd -m -d /opt/home/chrisjur -g staff -s /bin/bash chrisjur
      • Creates a user named “chrisjur”, makes his home directory, sets his home directory to /opt/home/chrisjur, sets his group to “staff”, sets his shell to /bin/bash
    • Important useradd Tip!
      • After you add a user, YOU MUST assign a password to the user using the “passwd” command.
        • passwd username
      • The user will not be able to login until you set a password!
    • useradd Syntax and options
      • If no options are specified, system defaults are used when creating a user (default shell, default home directory path, etc.)
      • Similarly, the usermod command can be used to modify an existing user’s attributes using the same syntax as useradd .
        • usermod -s /bin/sh chrisjur
        • Changes chrisjur’s shell to /bin/sh
    • Deleting System User Accounts
      • System users can be deleted using the userdel command with the syntax:
        • userdel username
      • e.g:
        • userdel chrisjur
        • Deletes the user chrisjur from the system.
      • userdel DOES NOT delete a user’s home directory or its contents. You must either delete it manually or use the “-r” switch with userdel ( userdel -r username )
    • Exercise: Account Creation with Command Line Tools
      • Use useradd to create an account for the login student3 . Use the appropriate flags to set a default group of “users”, a home directory of /home/student3, and a password of your choosing.
      • Log in to the student3 account.
      • Use userdel to remove the student3 account.
    • UNIX Groups
      • UNIX provides a grouping functionality that allows you to group system users together, allowing them to access common system resources, such as files and directories.
      • UNIX groups provide a typical way for non-root users to collaborate on projects by sharing permissions (write/read/execute permissions) on system resources.
    • Grouping Example
      • Problem: You have a series of web page files that reside under /var/opt/www/htdocs. You need to give your 3-person web-development team the ability to edit these files.
      • Solution: Create a group called “webdev”, place the 3 users in the devel team in the group and make /var/opt/www/htdocs and all its files group-readable, writeable and executable.
    • Creating UNIX Groups
      • You can create UNIX groups using the groupadd utility:
        • groupadd staff
        • Creates a group called “staff”
      • After creating a group, you must then manually add members to the group by adding their usernames to that group's line in the /etc/group file.
      • Group members are added to /etc/group as a comma-separated list after the group name and parameters.
    • Adding Users to Groups
      • After creating a group called “staff” (using groupadd staff ), an entry is placed in /etc/group that looks like this:
        • staff:x:506:
      • You can add the users chris, john and joe to the group by editing /etc/group and adding them after the last colon:
        • staff:x:506:chris,john,joe
    • Deleting Groups
      • You can delete groups using the groupdel command:
        • groupdel groupname
    • Changing File Ownership
      • If you want to change the ownership of a file or directory to another user, you can use the chown command:
        • chown <user> <file(s)>
        • chown chris /home/chris/hisfile.txt
        • chown chris /home/chris
      • Useful chown option: “-R” – recursively change ownership:
        • chown -R chris /home/chris
        • #Changes /home/chris and all files/directories under it to chris’s ownership
    • Changing Group Associations
      • If you would like to associate a file or directory with a particular group, you can use the chgrp command:
        • chgrp <group name> <file(s)>
        • chgrp staff /home/staff/groupfile.txt
        • chgrp staff /home/staff/projects
      • Useful chgrp option: “-R” – recursively change group associations:
        • chgrp -R staff /home/staff
        • #Associates /home/staff and all files/directories under it with the staff group
    • Using chmod with Groups
      • You can use chmod to change a file's group permissions.
      • -rwxr--r-- chris staff 100 Apr 4 2000 file.txt
      • #file readable, writeable and executable by its owner, and readable by members of its group and other users.
      • Use chmod to allow members of the staff group to read, write and execute the file.
      • [user@host]# chmod g+rwx file.txt
      • -rwxrwxr-- chris staff 100 Apr 4 2000 file.txt
      • #file is now readable, writeable and executable by its owner AND members of the staff group – but only readable by all other system users.
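
The Grouping Example's solution combines chgrp -R and chmod g+rwx, and the result is worth verifying afterwards. This script is an added example, not part of the original slides: it applies both steps to a tree and then uses find to list anything that is in the wrong group or is missing a group permission bit. The function names are hypothetical, and the demo uses a constructed scratch tree with the caller's own GID standing in for “webdev”.

```shell
#!/bin/sh
# Added example: hand a directory tree to a group, then verify the result.
# On a real host (as root, after "groupadd webdev" and adding the members
# to /etc/group): share_with_group webdev /var/opt/www/htdocs

# usage: share_with_group GROUP DIR
# Associates DIR and everything under it with GROUP, then adds group
# read/write/execute; owner and other bits are left as they were.
share_with_group() {
    chgrp -R "$1" "$2" && chmod -R g+rwx "$2"
}

# usage: not_shared GROUP DIR
# Lists entries under DIR that belong to another group or lack any of the
# group rwx bits (octal 070). No output means the whole tree is shared.
not_shared() {
    find "$2" \( ! -group "$1" -o ! -perm -070 \) -print
}

# Constructed scratch tree standing in for /var/opt/www/htdocs.
demo_tree() {
    umask 022
    t=$(mktemp -d)
    mkdir -p "$t/htdocs/img"
    echo "Hello world" > "$t/htdocs/index.html"
    echo "$t/htdocs"
}

g=$(id -g)            # stand-in for "webdev": the caller's own numeric GID
tree=$(demo_tree)
before=$(not_shared "$g" "$tree" | wc -l)
share_with_group "$g" "$tree"
after=$(not_shared "$g" "$tree" | wc -l)
echo "entries failing the check: before=$before after=$after"
```

The change is one-time: a file created later under a umask of 022 has no group write bit, so not_shared will list it until the chmod is repeated.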
    • Exercise: User and Group Creation
      • Create two users: user1 and user2
      • Create a group called “class”
      • Create a file called /etc/classtest.txt with the words “Hello world” in it.
      • Associate the file /etc/classtest.txt with the “class” group
      • Set the permissions so members of its group can write to the file.
      • Add user1 and user2 to the group.
      • Log out and log back in as user1 – attempt to write to the file. Log out.
      • Log in as user2 – attempt to write to the file.
    • Homework
      • TBA